[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Fri Apr 20 10:58:21 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via d2118367add0840df472f48e48be19f075a3dec0 (commit)
via 71d52f1a8ebdf1d26b6b53e4e1f85f2ff1b0d9b8 (commit)
from f55e2fa7b9d4692b31ad7ad72e71915e853de384 (commit)
- Log -----------------------------------------------------------------
commit d2118367add0840df472f48e48be19f075a3dec0
Author: Matt Caswell <matt at openssl.org>
Date: Thu Apr 19 16:44:17 2018 +0100
Add a test for SSL_pending()
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6021)
commit 71d52f1a8ebdf1d26b6b53e4e1f85f2ff1b0d9b8
Author: Matt Caswell <matt at openssl.org>
Date: Thu Apr 19 16:42:39 2018 +0100
Fix SSL_pending() for DTLS
DTLS was not correctly returning the number of pending bytes left in
a call to SSL_pending(). This makes the detection of truncated packets
almost impossible.
Fixes #5478
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6021)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_d1.c | 2 ++
test/sslapitest.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+)
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index b3ff5f1..c753a54 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -423,6 +423,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* get new packet if necessary */
if ((SSL3_RECORD_get_length(rr) == 0)
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) {
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
ret = dtls1_get_record(s);
if (ret <= 0) {
ret = dtls1_read_failed(s, ret);
@@ -432,6 +433,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
else
goto start;
}
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
}
/*
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 77e8f2e..8badd28 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1208,6 +1208,61 @@ end:
return testresult;
}
+static int test_ssl_pending(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char msg[] = "A test message";
+ char buf[5];
+ size_t written;
+
+ if (tst == 0) {
+ if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+ TLS1_VERSION, TLS_MAX_VERSION,
+ &sctx, &cctx, cert, privkey)) {
+ printf("Failed creating SSL_CTX pair\n");
+ goto end;
+ }
+ } else {
+#ifndef OPENSSL_NO_DTLS
+ if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(),
+ DTLS1_VERSION, DTLS_MAX_VERSION,
+ &sctx, &cctx, cert, privkey)) {
+ printf("Failed creating SSL_CTX pair\n");
+ goto end;
+ }
+#else
+ return 1;
+#endif
+ }
+
+ if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)
+ || !create_ssl_connection(serverssl, clientssl)) {
+ printf("Failed creating connection\n");
+ goto end;
+ }
+
+ written = SSL_write(serverssl, msg, sizeof(msg));
+ if (written != sizeof(msg)
+ || SSL_read(clientssl, buf, sizeof(buf)) != sizeof(buf)
+ || SSL_pending(clientssl) != (int)(written - sizeof(buf))) {
+ printf("Failed checking SSL_pending\n");
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+
int main(int argc, char *argv[])
{
BIO *err = NULL;
@@ -1244,6 +1299,7 @@ int main(int argc, char *argv[])
ADD_TEST(test_ssl_bio_change_wbio);
ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
ADD_ALL_TESTS(test_custom_exts, 2);
+ ADD_ALL_TESTS(test_ssl_pending, 2);
testresult = run_tests(argv[0]);
More information about the openssl-commits
mailing list